Installation & Configuration

Introduction

Ansible is a free configuration management tool that supports managing the configurations of Unix-like and Microsoft Windows systems. Ansible manages nodes over SSH or PowerShell and requires Python to be installed on them. Ansible helps you perform configuration, management and deployment of software on hundreds of nodes using SSH, and the entire operation can be executed by a single command, ‘ansible’. But in some cases you may need to execute multiple commands for a deployment.

Architecture:

In other configuration management tools like Puppet, Chef and CFEngine, server software is installed on one machine and client machines are managed through an agent. In Ansible, the nodes are managed by the controlling machine (Ansible server) over SSH, so there is no agent running on the node machines.

Ansible deploys modules to nodes over SSH. These modules are temporarily stored on the nodes and communicate with the Ansible server through a JSON protocol. Modules are nothing but scripts written in Python, Perl, Ruby, bash, etc.

System Requirements:

Controlling Machine:

You can run Ansible on any machine that has Python 2.6 or 2.7 installed (Windows isn’t supported for the control machine). Red Hat, Debian, CentOS, OS X and any of the BSDs are supported.

Client Nodes:

Client machines should have at least Python 2.4 or later, but if you are running less than Python 2.5 on the nodes, you will also need:

python-simplejson

Note: If you have SELinux enabled on remote nodes, you will have to install the package below on the nodes before using any copy/file/template related functions in Ansible.

libselinux-python

SSH Authentication:

As said earlier, Ansible uses native OpenSSH for remote communication. When it comes to SSH authentication, by default it uses SSH keys (passwordless authentication) to authenticate with the remote machine. In every remote host, there will be a user account “hans-karri”.

Generate the SSH public key on the controlling machine.

Use the following command to place the SSH keys on remote hosts.

Note: The command below will overwrite the existing keys that are already installed.

ssh-copy-id hans-karri@192.168.12.7
ssh-copy-id hans-karri@192.168.12.8

Sample output of the above command:

$ ssh-copy-id hans-karri@192.168.12.8
The authenticity of host '192.168.12.8 (192.168.12.8)' can't be established.
ECDSA key fingerprint is a1:cb:88:60:46:16:fd:d3:93:31:4b:5f:94:5e:78:f8.
Are you sure you want to continue connecting (yes/no)? yes
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
raj@192.168.12.8's password:

Number of key(s) added: 1

Now try logging into the machine, with: "ssh 'raj@192.168.12.8'"
and check to make sure that only the key(s) you wanted were added.

Once you have copied the keys to the remote hosts, check the passwordless communication.

ssh hans-karri@192.168.12.7
ssh hans-karri@192.168.12.8

You should now be able to log in to the remote machine without entering the password.
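The sample output above accepts the host key at the yes/no prompt. As an added example (not part of the original tutorial), the Python below recomputes the fingerprint of a host key line, such as one printed by ssh-keyscan, so it can be compared with a fingerprint read from the node's own console before answering yes. The key is constructed for illustration and the function names are hypothetical.

```python
import base64
import hashlib
import hmac

def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return len(data).to_bytes(4, "big") + data

# Constructed ECDSA host key blob for illustration (dummy curve point, not a real key),
# formatted like one line of ssh-keyscan output for a node from the inventory.
KEY_TYPE = "ecdsa-sha2-nistp256"
SAMPLE_BLOB = ssh_string(KEY_TYPE.encode()) + ssh_string(b"nistp256") + ssh_string(b"\x04" + bytes(range(64)))
SAMPLE_LINE = f"192.168.12.8 {KEY_TYPE} {base64.b64encode(SAMPLE_BLOB).decode()}"

def parse_pubkey_line(line: str):
    """Return (key_type, blob) from 'type base64 [comment]' or 'host type base64'."""
    fields = line.split()
    for i, field in enumerate(fields[:-1]):
        if field.startswith(("ssh-", "ecdsa-")):
            blob = base64.b64decode(fields[i + 1], validate=True)
            # The blob starts with its own length-prefixed type; it must agree with the text.
            n = int.from_bytes(blob[:4], "big")
            if blob[4:4 + n] != field.encode():
                raise ValueError("key type does not match key blob")
            return field, blob
    raise ValueError("no public key found in line")

def fingerprints(blob: bytes) -> dict:
    """Fingerprints as OpenSSH prints them: colon-separated MD5 hex and unpadded SHA256 base64."""
    md5_hex = hashlib.md5(blob).hexdigest()
    sha256 = base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")
    return {"md5": ":".join(md5_hex[i:i + 2] for i in range(0, 32, 2)),
            "sha256": "SHA256:" + sha256}

def host_key_matches(line: str, expected_fp: str) -> bool:
    """True only if the key in `line` hashes to the fingerprint obtained out-of-band."""
    _, blob = parse_pubkey_line(line)
    fps = fingerprints(blob)
    expected = expected_fp.strip()
    if expected.startswith("SHA256:"):
        actual = fps["sha256"]  # base64 is case-sensitive, compare as-is
    else:
        if expected.upper().startswith("MD5:"):
            expected = expected[4:]
        expected, actual = expected.lower(), fps["md5"]
    return hmac.compare_digest(actual.encode(), expected.encode())

if __name__ == "__main__":
    print(fingerprints(parse_pubkey_line(SAMPLE_LINE)[1]))
```

The MD5 form matches the colon-separated fingerprint style in the sample output; newer OpenSSH releases print the SHA256 form by default.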

Password Authentication:

Password authentication can also be used where needed by supplying the option “--ask-pass”. This option requires “sshpass” to be installed on the controlling machine.

# Ubuntu 14.04 / 15.04

$ sudo apt-get install sshpass

# CentOS 7 / RHEL 7 / Fedora 22

# yum install sshpass

Note: You can use whichever authentication method is suitable for your infrastructure.

Creating Inventory:

Edit (or create) /etc/ansible/hosts. This file holds the inventory of remote hosts to which Ansible needs to connect through SSH for managing the systems.

$ sudo vi /etc/ansible/hosts

Put one or more remote systems in it. For example, add the IP addresses of our nodes (remove the unwanted IP addresses).

[web-servers]
192.168.12.7
192.168.12.8

In the above, both nodes belong to the [web-servers] group; groups are used to classify systems for a particular use. If you do not specify any group, the hosts will act as ungrouped hosts.

First Command:

Now it is time to check all our nodes by doing a ping from the controlling machine. To do that, we will use the “ansible” command with the options “-m” (load module) and “all” (group of servers).

In the above example, we have used the ping module with the “ansible” command to ping all the remote hosts. In the same way, we can use various modules with the “ansible” command; you can find available modules here.

Remote Command Execution:

This time, we will use the “command” module with the “ansible” command to get remote machine information. For example, we will execute the “hostname” command with the “command” module to get the hostname of the remote hosts in one go.